A Method of Detecting SQL Injection Attack to Secure Web Applications

Executive Summary

Web applications are becoming an important part of people's daily lives, so attacks against them are also increasing rapidly. Among these attacks, SQL Injection Attacks (SQLIA) play a major role. This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check the intended structure of the SQL query before it is executed. For this, the authors use semantic comparison. Their focus is on the stored procedure attack, in which the query is formed within the database itself, so it is difficult to extract the query structure for validation. This attack has also received less attention in the literature.
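The summary does not reproduce the authors' semantic-comparison algorithm, so the following is an added illustration of the basic idea only (not the paper's code, and in Python rather than JSP): the structure of the query built with the real input is compared with the structure built with a benign value, and any difference blocks execution. The template string, the `{v}` placeholder, and all function names are assumptions; the template stands in for dynamic SQL assembled inside a stored procedure.

```python
import re

# Deliberately small SQL lexer (assumption: sufficient for the constructed queries below).
_TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<str>'(?:[^']|'')*')
  | (?P<num>\b\d+(?:\.\d+)?\b)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op><=|>=|<>|!=|[=<>(),;*.+\-/])
  | (?P<bad>.)
""", re.VERBOSE | re.DOTALL)

_TAGS = {"str": "<STR>", "num": "<NUM>", "comment": "<COMMENT>", "bad": "<BAD>"}

def skeleton(sql):
    """Return the query structure: literals collapsed to type tags, words upper-cased."""
    out = []
    for m in _TOKEN_RE.finditer(sql):
        kind = m.lastgroup
        if kind == "ws":
            continue
        out.append(_TAGS.get(kind, m.group().upper()))
    return out

def build_query(template, value):
    # Naive concatenation, modelling dynamic SQL built from a parameter (hypothetical).
    return template.replace("{v}", "'" + value + "'")

def is_structure_preserved(template, value, benign="x"):
    """True when the user value changes only a literal, not the query structure."""
    intended = skeleton(build_query(template, benign))
    actual = skeleton(build_query(template, value))
    return intended == actual

# Constructed sample template and inputs, for illustration only.
TEMPLATE = "SELECT id FROM users WHERE name = {v}"

if __name__ == "__main__":
    for value in ["alice", "O''Brien", "a' OR '1'='1", "a'; --"]:
        verdict = "execute" if is_structure_preserved(TEMPLATE, value) else "block"
        print(f"{value!r:20} -> {verdict}")
```

Comparing token skeletons rather than raw strings lets legitimate values of any length pass while rejecting input that introduces new operators, statements, or comments.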